IDSecurity Agent installation via MCM

Here are the step-by-step instructions on how to deploy the Identity360's IDSecurity Agent for Windows using the Microsoft Configuration Manager (MCM).

About the IDSecurity Agent
IDSecurity Agent installation using MCM
Steps for installing the IDSecurity Agent on a Windows machine

Step 1: Create a network share
Step 2: Create an application
Step 3: Specify the operating system requirements
Step 4: Deploy the application

Updating the Installation Key

About the IDSecurity Agent

The IDSecurity Agent is an extension of the standard credential provider from Microsoft. When installed, it can enable MFA for local Windows logins, RDP logins, and UAC actions to protect machines from credential-based attacks.

Supported platforms

The different platforms supported by the IDSecurity Agent are listed below.

Windows servers	Windows clients
Windows Server 2022	Windows 11
Windows Server 2019	Windows 10
Windows Server 2016	Windows 8.1
Windows Server 2012 R2	Windows 8

IDSecurity Agent installation using MCM

MCM, formerly known as Microsoft System Center Configuration Manager (SCCM), is a system management software product developed by Microsoft for managing large groups of computers running Windows OS. Using its software distribution capability, you can install the IDSecurity Agent to the desired computers in a domain.

Prerequisites

The MFA and SSO license for Identity360 is required to enable MFA for Windows logins. Visit our store for pricing details.
Currently, IDSecurity Agent is supported only for Windows devices that are joined to Azure AD or part of a hybrid AD setup.
Configure MFA settings located at Applications > Multi-factor Authentication > MFA for Endpoints > MFA for Windows machines in the Identity360 admin portal before installing the IDSecurity Agent.

Steps for installing the IDSecurity Agent on a Windows machine

Download the Identity360CloudIDSecurityAgent.msi file by logging into Identity360 admin portal > Applications > Multi-factor Authentication > MFA for Endpoints > Install IDSecurity Agent > Step 1 > Download.

Paste it in a network share.

Note: Make sure that the MCM administrator has read access to the network share in which the Identity360CloudIDSecurityAgent.msi file is located.

Step 2: Create an application

Go to the Microsoft Endpoint Configuration Manager console.
Navigate to Software Library > Application Management drop-down > Applications > Create Application.

In the General tab, click Browse next to the Source folder field.

Select the MSI file from the network share.

Click Next after viewing the imported information from the Import Information tab.

In the General Information tab, specify an appropriate name and necessary information. In the Installation program field, enter the following MSI command, while replacing <MSIPATH> and <KEY> as per the parameters mentioned below:

Installation command

Copy to Clipboard

msiexec.exe /i "<MSIPATH>" /qn INSTALLATION_KEY=<KEY>

The above command is used to execute the MSI file, intended for installation via MCM.

Parameters for the msiexec.exe command:

Key	Description
/i "<MSIPATH>"	This is the actual MSI file path. <MSIPATH> should be replaced with the actual MSI file path. The file path should be a valid network share path. For example, "\\server\share\Identity360CloudIDSecurityAgent.msi".
INSTALLATION_KEY=<KEY>	This is a mandatory parameter for authorizing a Windows machine with Identity360. Path to copy the installation key: Login to Identity360 admin portal > Applications > Multi-factor Authentication > MFA for Endpoints > Install IDSecurity Agent > Step 2 Replace <KEY> with the actual installation key.

Key

Description

/i "<MSIPATH>"

This is the actual MSI file path.

<MSIPATH> should be replaced with the actual MSI file path. The file path should be a valid network share path. For example, "\\server\share\Identity360CloudIDSecurityAgent.msi".

INSTALLATION_KEY=<KEY>

This is a mandatory parameter for authorizing a Windows machine with Identity360.

Path to copy the installation key: Login to Identity360 admin portal > Applications > Multi-factor Authentication > MFA for Endpoints > Install IDSecurity Agent > Step 2

Replace <KEY> with the actual installation key.

Customizing the IDSecurity Agent:

The customizations.json file is used to customize the IDSecurity Agent's default parameters. Before proceeding with the installation, ensure you prepare a customizations.json file similar to the provided sample below. This file should contain the necessary parameters that require modification. Place this file in the same network path as the MSI file created in step 2 of creating a network share. If customization is not required, the MSI will automatically utilize the default parameters.

If you have not prepared a customizations.json file during installation, you can still make adjustments by editing the file located at C:\Program Files\ManageEngine\Identity360 Cloud IDSecurity Agent\conf\customizations.json

Note: Please refrain from making any modifications to any files aside from customizations.json found in the installation folder, as these files are integral to the functioning of the IDSecurity Agent. Any changes to these files may disrupt functionality of both the agent and the system.

Sample customizations.json file:

JSON

Copy to Clipboard

{
    "LogPath": "C:\\Program Files\\ManageEngine\\Identity360 Cloud IDSecurity Agent\\logs",
    "LogLevel": "NORMAL",
    "LogRotationMaxSize": "50",
    "LogArchivePath": "C:\\Program Files\\ManageEngine\\Identity360 Cloud IDSecurity Agent\\logs\\archive",
    "Title": "IDSecurity Agent",
    "WebclientFaviconPath": "C:\\Program Files\\ManageEngine\\Identity360 Cloud IDSecurity Agent\\resources\\favicon.ico"
}

The table below contains the list of default values and descriptions for all parameters.

Key	Default Value	Description
LogPath	C:\Program Files\ManageEngine\Identity360 Cloud IDSecurity Agent\logs	The log file is stored here. Caution: Modifying the value is advised only if there is a valid reason to do so. If the value is altered, ensure that the folder permissions include write permissions for the Users group and the SYSTEM account.
LogLevel	NORMAL	The default value is set to NORMAL, providing comprehensive information essential for regular operation. If the value is changed to DEBUG, the log will incorporate detailed troubleshooting information crucial for the support team. Exercise caution, as setting the value to DEBUG will generate extra log entries, potentially causing a rapid increase in the log file's size.
LogRotationMaxSize	50	This parameter determines the maximum size of the log file. Upon reaching the specified limit, with a minimum of 10MB and a maximum of 50MB, a new log file is generated, and the previous log file is archived to the path specified in LogArchivePath.
LogArchivePath	C:\Program Files\ManageEngine\Identity360 Cloud IDSecurity Agent\logs\archive	This refers to the file path where log files are archived once they reach the specified LogRotationMaxSize limit.
Title	IDSecurity Agent	Title of the MFA prompt.
WebclientFaviconPath	C:\Program Files\ManageEngine\Identity360 Cloud IDSecurity Agent\resources\favicon.ico	Icon of the MFA prompt.

*Every key-value pair is a required parameter in the customizations.json file. The values can be replaced or modified.

Select Install for system from the Install behavior drop-down.

In the Summary tab, confirm the selected settings by clicking Next.

In the Completion tab, click Close to finish.

Step 3: Specify the operating system requirements

Select the application you have created for IDSecurity Agent in the Applications tab, then click Properties.

From the Properties tab, select the Deployment Types tab, then select the IDSecurity Agent's MSI file, and click Edit.

From the MSI file's Properties tab, select the Requirements tab. Click Add.

In the Condition field, select Operating system from the drop-down. Click OK.

In the Operator field, select One of from the drop-down.

Select the required operating systems, and click OK to finish.

Step 4: Deploy the application

Select the application you have created for IDSecurity Agent in the Applications tab, then click Deploy.

In the Deploy Software Wizard, click Browse next to the Collection field.

In the Select Collection window, choose Device Collections and then select the machines where the client software should be deployed. Click OK, then proceed by clicking Next.

In the Content tab, select Distribution Point from the Add drop-down.

Select the required Distribution Points from the list provided, then click OK.

Make sure that the distribution points that you selected are shown in the list. Click Next.

In the Deployment Settings tab, select Required to configure a custom schedule for the installation of the client software. Click Next.

In the Scheduling tab, specify the schedule for the deployment. Click Next.

Make the necessary changes in the User Experience tab. Click Next.

Make the necessary changes in the Alerts tab. Click Next.

In the Completion tab, confirm the settings chosen and click Close.

Updating the Installation Key

In case the current installation of the IDSecurity Agent is compromised, regenerate a new Installation Key by navigating to Applications > Multi-factor Authentication > Install IDSecurity Agent > Step 2 > Regenerate in Identity360 Admin portal. Copy the command along with the newly generated key and follow these steps to update the Installation Key.

Select the application you have created for IDSecurity Agent in the Applications tab, then click Properties.

From the Properties tab, select the Deployment Types tab, then choose the IDSecurity agent's MSI file, and click Edit.

In the MSI file's properties tab, select the Programs tab.
If the installation key is regenerated, modify the new Installation Key in the Installation Program field.
If the MSI file needs to be updated, replace the file in the network share. In the same window from the above step, select Browse in the Product code field, and choose the MSI file from the network share.